Skip to main content
CVE-2017-4939 HIGH This Week

VMware Workstation (12.x before 12.5.8) installer contains a DLL hijacking issue that exists due to some DLL files loaded by the application improperly. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE VMware Workstation
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-1000187 HIGH This Week

In SWFTools, an address access exception was found in pdf2swf. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Swftools
NVD GitHub
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-10887 HIGH This Week

Untrusted search path vulnerability in BOOK WALKER for Windows Ver.1.2.9 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Book Walker
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-4937 HIGH PATCH This Week

VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll. Rated high severity (CVSS 7.8).

Denial Of Service Buffer Overflow Microsoft Information Disclosure VMware +2
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-4935 HIGH PATCH This Week

VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds write vulnerability in JPEG2000 parser in the TPView.dll. Rated high severity (CVSS 7.8).

Denial Of Service Buffer Overflow Microsoft Memory Corruption VMware +2
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-4936 HIGH PATCH This Week

VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll. Rated high severity (CVSS 7.8).

Denial Of Service Buffer Overflow Microsoft Information Disclosure VMware +2
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-4927 HIGH This Week

VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) does not correctly handle specially crafted LDAP network packets which may allow for remote denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service LDAP Code Injection VMware Vcenter Server
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2017-1000189 HIGH PATCH This Week

nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-service due to weak input validation in the ejs.renderFile(). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ejs
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2017-16875 HIGH This Week

An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Pjsip
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-13703 HIGH This Week

An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Eds G512E Firmware
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-1000200 HIGH PATCH This Week

tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a dbus triggered NULL pointer dereference in the tcmu-runner daemon's on_unregister_handler() function resulting in denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Tcmu Runner
NVD GitHub
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-1000230 HIGH This Week

The Snap7 Server version 1.4.1 can be crashed when the ItemCount field of the ReadVar or WriteVar functions of the S7 protocol implementation in Snap7 are provided with unexpected input, thus. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Snap7 Server
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-1000198 HIGH PATCH This Week

tcmu-runner daemon version 0.9.0 to 1.2.0 is vulnerable to invalid memory references in the handler_glfs.so handler resulting in denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Tcmu Runner
NVD GitHub
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-1000129 HIGH This Week

Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Information Disclosure Serendipity
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-1000199 HIGH This Week

tcmu-runner version 0.91 up to 1.20 is vulnerable to information disclosure in handler_qcow.so resulting in non-privileged users being able to check for existence of any file with root privileges. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tcmu Runner
NVD GitHub
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-1000191 HIGH This Week

Jool 3.5.0-3.5.1 is vulnerable to a kernel crashing packet resulting in a DOS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Jool
NVD GitHub
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-1000247 HIGH PATCH This Week

British Columbia Institute of Technology CodeIgniter 3.1.3 is vulnerable to HTTP Header Injection in the set_status_header() common function under Apache resulting in HTTP Header Injection flaws. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Apache Codeigniter
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-1000195 HIGH PATCH This Week

October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting in ability to delete files limited by file permissions on the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization PHP October
NVD GitHub
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-4928 HIGH PATCH This Week

The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f) i.e. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

SSRF CSRF Information Disclosure Vcenter Server
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-14111 HIGH This Week

The workstation logging function in Philips IntelliSpace Cardiovascular (ISCV) 2.3.0 and earlier and Xcelera R4.1L1 and earlier records domain authentication credentials, which if accessed allows an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Intellispace Cardiovascular Xcelera
NVD
CVSS 3.0
7.2
EPSS
1.0%
CVE-2017-1000168 MEDIUM PATCH This Month

sodiumoxide 0.0.13 and older scalarmult() vulnerable to degenerate public keys. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Sodiumoxide
NVD GitHub
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-4938 MEDIUM PATCH This Month

VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a guest RPC NULL pointer dereference vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service VMware Workstation Fusion
NVD
CVSS 3.0
6.5
EPSS
0.0%
CVE-2017-1000193 MEDIUM PATCH This Month

October CMS build 412 is vulnerable to stored WCI (a.k.a XSS) in brand logo image name resulting in JavaScript code execution in the victim's browser. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS RCE October
NVD GitHub
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-16880 MEDIUM PATCH This Month

The dump function in Util/TemplateHelper.php in filp whoops before 2.1.13 has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Whoops
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-1000188 MEDIUM PATCH This Month

nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scripting in the ejs.renderFile() resulting in code injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ejs
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-4929 MEDIUM PATCH This Month

VMware NSX Edge (6.2.x before 6.2.9 and 6.3.x before 6.3.5) contains a moderate Cross-Site Scripting (XSS) issue which may lead to information disclosure. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS VMware Information Disclosure Nsx Edge
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-1000209 MEDIUM PATCH This Month

The Java WebSocket client nv-websocket-client does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Java Information Disclosure Nv Websocket Client
NVD GitHub
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-1000127 MEDIUM This Month

Exiv2 0.26 contains a heap buffer overflow in tiff parser. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Exiv2
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2017-1000126 MEDIUM This Month

exiv2 0.26 contains a Stack out of bounds read in webp parser. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Exiv2
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-1000128 MEDIUM This Month

Exiv2 0.26 contains a stack out of bounds read in JPEG2000 parser. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Exiv2
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-10888 MEDIUM This Month

BOOK WALKER for Windows Ver.1.2.9 and earlier, BOOK WALKER for Mac Ver.1.2.5 and earlier allow an attacker to access local files via unspecified vectors. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Book Walker
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-16868 MEDIUM This Month

In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c does not properly restrict a multiplication within a malloc call, which allows remote attackers to cause a denial of service (integer. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Swftools
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-15517 MEDIUM This Month

AltaVault OST Plug-in versions prior to 1.2.2 may allow attackers to obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Altavault Ost Plug In
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-1000186 MEDIUM This Month

In SWFTools, a stack overflow was found in pdf2swf. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Swftools
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-1000185 MEDIUM This Month

In SWFTools, a memcpy buffer overflow was found in gif2swf. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Swftools
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-1000176 MEDIUM This Month

In SWFTools, a memcpy buffer overflow was found in swfc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Swftools
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-1000182 MEDIUM This Month

In SWFTools, a memory leak was found in wav2swf. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Swftools
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-1000174 MEDIUM This Month

In SWFTools, an address access exception was found in swfdump swf_GetBits(). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Swftools
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-1000201 MEDIUM PATCH This Month

The tcmu-runner daemon in tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a local denial of service attack. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Tcmu Runner
NVD GitHub
CVSS 3.0
5.5
EPSS
0.0%
CVE-2017-1000160 MEDIUM This Month

EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Expressionengine
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1000223 MEDIUM This Month

A stored web content injection vulnerability (WCI, a.k.a XSS) is present in MODX Revolution CMS version 2.5.6 and earlier. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Modx Revolution
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-10886 MEDIUM This Month

Cross-site scripting vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows an. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cs Cart Cs Cart Multivendor
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1000240 MEDIUM This Month

The application OpenEMR is affected by multiple reflected & stored Cross-Site Scripting (XSS) vulnerabilities affecting version 5.0.0 and prior versions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Openemr
NVD
CVSS 3.0
5.4
EPSS
0.1%
CVE-2017-13702 MEDIUM This Month

An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Eds G512E Firmware
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2017-1000211 MEDIUM This Month

Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTML_put_string() can append a chunk onto itself. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Use After Free Lynx
NVD GitHub
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-1000246 MEDIUM PATCH This Month

Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Pysaml2
NVD GitHub
CVSS 3.0
5.3
EPSS
0.1%
CVE-2017-13700 MEDIUM This Month

An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Eds G512E Firmware
NVD
CVSS 3.0
4.8
EPSS
0.3%
CVE-2017-1000213 MEDIUM PATCH This Month

WBCE v1.1.11 is vulnerable to reflected XSS via the "begriff" POST parameter in /admin/admintools/tool.php?tool=user_search. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Wbce Cms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.2%
CVE-2017-10890 MEDIUM This Month

Session management issue in RX-V200 firmware versions prior to 09.87.17.09, RX-V100 firmware versions prior to 03.29.17.09, RX-CLV1-P firmware versions prior to 79.17.17.09, RX-CLV2-B firmware. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure Rx V200 Firmware Rx V100 Firmware Rx Clv1 P Firmware +2
NVD
CVSS 3.0
4.6
EPSS
0.1%
CVE-2017-10889 MEDIUM This Month

TablePress prior to version 1.8.1 allows an attacker to conduct XML External Entity (XXE) attacks via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Tablepress
NVD
CVSS 3.0
4.3
EPSS
0.3%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy